I grabbed the September 7 download for Linux 2.4.7 (RedHat 7.0). When I
run ntop, I use the -m switch to specify additional subnets as local, for
example, 192.168.0.0/16. Ntop seems to pick a particular host, collects a
set of IP addresses and then claims that the host is multihomed. That
messes up the information such as how much traffic the host is moving and
what connections it is making, because all of the hosts are treated as
one.
All of the hosts are on the other side of a router. The only thing I can
imagine is that ntop is seeing all of these addresses come from the same
MAC address (the router). So, it assumes that this is a multihomed
computer. If I don't use the -m switch, things work, but hosts that are
not on the local network segment are identified as remote. Is this the way
this is supposed to work or am I doing something wrong?
On a different topic, ntop seems to give up too early for resolving IP
addresses to host names. All of our local hosts are defined in our name
server, but ntop only resolves some of the IP addresses.
----
Russell Mosemann, Ph.D. * Computing Services * Concordia University, Nebraska
"I decided to go into computer programming instead of music because
my Bach was worse than my byte." - my quote in Reader's Digest
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
